Singing River Health System Suffers Major Data Breach, 895,000 Impacted

 


A ransomware attack that took place in August 2023 is now estimated to have affected 895,204 people within the Singing River Health System. The Singing River Health System operates three hospitals in Mississippi, one in Pascagoula, one in Ocean Springs, and one in Gulfport, which collectively provide over 700 beds to its patients. It is one of the largest healthcare providers in Mississippi. It employs a total of 3,500 people, and it also operates two hospices, four pharmacies, six imaging centres, ten speciality centres, and twelve medical clinics throughout the Gulf Coast region. 

The impacted hospitals were experiencing major IT system outages for several services, including laboratory testing and radiology testing. At the time, Singing River said it was working to process all paper-ordered lab tests and radiology exams as quickly as possible, depending on the priority of the exam. It was revealed by the healthcare organization on September 13, 2023, that a data breach had taken place, and in December 2023 the organization announced that 252,890 individuals were affected by the incident. 

According to a new filing with the Maine Attorney General, the company reported that 895,204 people were affected by the incident. The health system first disclosed the breach on August 31, 2023. At the time of writing, the notification to the US Department of Health and Human Services (HHS) Office for Civil Rights lists the breach as impacting at least 501 individuals. 

The final number will be determined once internal and external investigations are complete. According to the latest breach report and the organization's website, the exposed data is a combination of full names, dates of birth, physical addresses, Social Security Numbers (SSNs), medical information, and health information. Singing River stated that, despite these issues, it has so far found no evidence that the threat actors have used the data to commit identity theft or fraud. 

It is also worth noting that the company is offering two years of credit monitoring and identity restoration services to those who may be affected. The Rhysida ransomware group, one of the most serious cybercriminal groups targeting healthcare providers, has been reported as responsible for the attack. Approximately 80% of the data the threat actors claim to have taken from Singing River has been leaked so far: 420,766 files totalling 754 GB, accompanied by a catalogue of the files they claim to hold. 

Threat actors will no doubt use the stolen data for further illicit activity, such as phishing, if it includes details that make such campaigns more convincing. For this reason, those offered the free identity restoration and monitoring services provided by the Federal Trade Commission are advised to enrol immediately to avoid falling victim to such campaigns. 

The Rhysida ransomware gang was responsible for this attack, as well as for attacks on other healthcare systems including Prospect Medical Holdings and Lurie Children's Hospital. According to the Health Sector Cybersecurity Coordination Center at HHS, the group has previously targeted educational institutions, the manufacturing industry, the Chilean army, and numerous other organizations.

IDX recommends that impacted individuals enrol in its services as soon as possible, act with caution when responding to unsolicited communications, monitor all accounts for suspicious activity, and consider placing a security freeze on their credit reports. Threat actors are increasingly drawn to the healthcare sector because of the volume and sensitivity of the data it holds and the importance of that data to a community or country, making it a highly attractive target for data breach attacks. 

In a separate cyberattack last week, DocGo, a provider of mobile medical services, was compromised. For individuals impacted by the SRHS breach, IDX is offering twelve months of free credit monitoring, available twenty-four hours a day. The company also provides guidance on preventing identity theft and fraud, including how to report suspicious incidents and how to place fraud alerts or security freezes on a credit record. 

It will also provide information on how to protect against tax fraud, how to contact consumer reporting agencies, and how to obtain a free credit report. In its breach report, Singing River Health System recommended that impacted individuals review their account statements and monitor their credit reports closely. 

In the wake of a recent ransomware attack on the Singing River Health System, which resulted in the theft of data belonging to 895,000 individuals, authorities are urging affected persons to take immediate action. It is strongly recommended that anyone who suspects they may be a victim of identity theft or fraud report these incidents to the appropriate authorities without delay. 

Key organizations to contact include the Federal Trade Commission (FTC), which handles consumer complaints and can guide users in protecting their identity. Additionally, individuals should reach out to their state's Attorney General's office, which often has resources and support for victims of identity theft. Reporting the incident to local law enforcement is also crucial, as it helps authorities track and investigate such crimes. By taking these steps, individuals can not only protect themselves from further harm but also assist in the broader effort to combat cybercrime and bring those responsible to justice.

Privacy and Security Risks in Chinese Electric Vehicles: Unraveling the Data Dilemma

The rapid rise of electric vehicles (EVs) has transformed the automotive industry, promising cleaner energy and reduced emissions. But as we enjoy this automotive transformation, we must also grapple with the intricate web of data collection and privacy concerns woven into these high-tech machines. 

One particular area of interest is Chinese-made EVs, which dominate the global market. This blog post delves into the privacy and security risks associated with these vehicles, drawing insights from a recent investigation.

The Cyber Angle

In 2022, Tor Indstøy purchased a Chinese electric vehicle for $69,000 to accommodate his growing family.

Indstøy had an ulterior motivation for purchasing an ES8, a luxury SUV from Shanghai-based NIO Inc. The Norwegian cybersecurity specialist wanted to investigate the EV and see how much data it collects and transmits back to China.

He co-founded Project Lion Cage with several industry acquaintances to examine his SUV and release the findings.

Since its inception in July 2023, Indstøy and his crew have provided nearly a dozen status reports. These have largely consisted of them attempting to comprehend the enormously complex vehicle and the operation of its numerous components.

The $69,000 Chinese Electric Vehicle Under Scrutiny

In a fascinating experiment, Norwegian cybersecurity researcher Tor Indstøy purchased a $69,000 Chinese electric vehicle—an ES8 luxury SUV manufactured by Shanghai-based NIO Inc. His motive? To dissect the vehicle, uncover its data practices, and shed light on potential risks. 

The project, aptly named “Project Lion Cage,” aims to answer critical questions about data privacy and security in EVs.

The Complexity of EVs: A Data Goldmine

Electric cars are not mere transportation devices; they are rolling data centers. Unlike their gas-powered counterparts, EVs rely heavily on electronic components—up to 2,000 to 3,000 chips per vehicle. 

These chips control everything from battery management to infotainment systems. Each chip can collect and transmit data, creating a vast information flow network within the vehicle.

However, studying EVs is also a challenge. Traditional cybersecurity tools designed for PCs and servers fall short when confronted with the intricate architecture of electric cars. Researchers like Indstøy face unique challenges as they navigate this uncharted territory.

Privacy Concerns: What Data Lies Beneath?

Indstøy and his team have identified potential areas of concern for the NIO ES8, but no major revelations have been made.

One example is how data flows into and out of the vehicle. According to the researchers, over 90% of the car's communications went to China, carrying data ranging from simple voice commands to the vehicle's geographical location. Other destinations included Germany, the United States, the Netherlands, Switzerland, and others.

Indstøy suggests that the ambiguity of some communications could be a source of concern. For example, the researchers discovered that the car was regularly downloading a single, unencrypted file from a nio.com internet address, but they have yet to determine its purpose.

The Geopolitical Angle

China’s dominance in the EV market raises geopolitical concerns. With nearly 60% of global EV sales happening in China, the data collected by these vehicles becomes a strategic asset. 

Governments worry about potential espionage, especially given the close ties between Chinese companies and the state. The Biden administration’s cautious approach to Chinese-made EVs reflects these concerns.

AI Enables the Return of Private Cloud

 

Private cloud providers may be among the primary winners of today's generative AI gold rush, as CIOs are reconsidering private clouds, whether on-premises or hosted by a partner, after previously dismissing them in favour of public clouds. 

At the heart of this trend is a growing recognition that in order to handle AI workloads while keeping costs under control, organisations will eventually rely on a hybrid mix of public and private cloud. 

"With how fast things are changing in the data and cloud space, we believe in a hybrid model of cloud and data centre strategy," claims Jim Stathopoulos, SVP and CIO of Sun Country Airlines, who joined the regional airline from United Airlines in early 2023 and acquired a Microsoft Azure cloud infrastructure and Databricks AI platform, but is open to future IT decisions.

Controlling escalating cloud and AI expenses and minimising data leakage are the primary reasons why organisations are considering hybrid infrastructure as their AI solution. Most experts agree that most IT leaders will need to choose a hybrid approach that includes on-premises or co-located private clouds to provide cost control and data integrity in the face of AI's resource requirements and critical business concerns about its deployment. 

According to IDC's top cloud analyst, Dave McCarthy, private cloud platforms such as Dell APEX and HPE GreenLake, which provide generative AI capabilities, as well as co-locating with partners such as Equinix to host workloads in private clouds, could provide a solution to enterprise customers. 

“The excitement and related fears surrounding AI only reinforces the need for private clouds. Enterprises need to ensure that private corporate data does not find itself inside a public AI model,” McCarthy notes. “CIOs are working through how to leverage the most of what LLMs can provide in the public cloud while retaining sensitive data in private clouds that they control.” 

Generative AI changes the cloud calculus 

Somerset Capital Group is one company that has chosen to go private to run its ERP software and pave the path for generative AI. The Milford, Conn.-based financial services corporation moved data to the public cloud over a decade ago and will continue to add workloads, particularly for customer-centric apps. Somerset's EVP and CIO, Andrew Cotter, believes that the company's important data, as well as any future generative AI data, will most likely run on its new hosted private cloud. 

"As we are testing and dipping our toes in the water with AI, we are choosing to keep that as private as possible," he says, noting that while the public cloud provides the horsepower needed for many LLMs today, his firm has the option of adding GPUs if needed via its privately owned Dell equipment. "You don't want to make a mistake and have it ingested or used in another model. We're maintaining tight control and storing it in the private cloud." 

Todd Scott, senior vice president of Kyndryl US, agrees that AI and cost are the key factors driving organisations towards private clouds. 

Buying into the private cloud

Analysts believe that private cloud spending is on the rise. According to Forrester's Infrastructure Cloud Survey in 2023, 79% of the almost 1,300 enterprise cloud decision-makers polled said their companies are developing internal private clouds that will include virtualization and private cloud management. Nearly a third (31%) of respondents are building internal private clouds with hybrid cloud management technologies such as software-defined storage and API-consistent hardware, to make the private cloud behave more like the public cloud, Forrester added.

IDC predicts that global spending on private, dedicated cloud services, which comprise hosted private cloud and dedicated cloud infrastructure as a service, would reach $20.4 billion in 2024 and more than double by 2027. According to IDC, global spending on enterprise private cloud infrastructure, which includes hardware, software, and support services, will reach $51.8 billion in 2024 and $66.4 billion in 2027. 

While those figures pale in comparison to the public cloud's projected $815.7 billion in 2024, IDC's McCarthy views hybrid cloud architecture as the future for most organisations in this space. According to McCarthy, the introduction of turnkey private cloud products from HPE and Dell provides customers with a private cloud that can be run on-premises or in a co-location facility that offers managed services. Private clouds may also help organisations better control their overall cloud costs, but he emphasises that both have benefits as well as drawbacks. 

“Enterprises are in a bit of a pickle with this,” McCarthy added. “Security concerns are what is driving them to private cloud, but the specialised hardware required to do large-scale AI is expensive and requires extensive power and cooling. This is a problem that companies like Equinix believe they can help solve, by allowing enterprises to build a private cloud in Equinix datacenters that are already equipped to handle this type of infrastructure.”

Government Struggles with Low Arrest Rate Amidst 31 Lakh Cyber Fraud Complaints

 

From the high-profile AIIMS cyber attack to widespread data leaks like that of the ICMR, the National Cyber Crime Portal (NCRP) has seen an alarming rise in cyber fraud complaints. Since 2020, the portal has received 31 lakh complaints as of February 2024. 

However, the most concerning issue, as highlighted by the Central government's official communication, is the staggeringly low number of arrests in these cases. Despite over 66,000 cases being registered by various law enforcement agencies, the total number of arrests stands at just 500, amounting to less than 1% of the reported cases. 

This discrepancy has been a recurring topic in meetings within the Ministry of Home Affairs and the Ministry of Finance. During a recent Financial Stability and Development Council (FSDC) meeting, several stakeholders voiced their frustration over the minimal progress in arrests. A significant part of the problem lies in the increasing prevalence of fraudulent loan lending apps, which have severely impacted India's financial infrastructure. 

These apps disproportionately affect low-income groups, leading to significant financial losses as money is often funneled out of the country. According to a senior official present at the FSDC meeting, many of these apps operate from China, posing a dual threat to both financial institutions and the economic stability of vulnerable populations. The official noted that some Indian nationals involved in these crimes inadvertently aid China-based operators, thereby becoming victims themselves. 

In response to these growing concerns, the central government has urged tech giants like Google and Meta to deploy experts to combat the menace. There is a heightened alarm over advertisements run by organized threat actors, many of whom operate internationally. A central cyber agency's analysis revealed that numerous mobile applications were conducting ad campaigns on Meta platforms, leading to a slew of suicides linked to harassment and extortion by illegal app operators and loan recovery agents. 

The misuse of app permissions for harvesting credentials and data adds another layer of risk, potentially enabling future cybercrimes. The FSDC meeting underscored the urgency of addressing these issues, with multiple stakeholders pushing for the Ministry of Home Affairs to take immediate action. Sources indicate that the Ministry is now expected to convene a meeting with various agencies to expedite investigations and increase the number of arrests. 

This coordinated effort aims to enhance the pace and effectiveness of law enforcement responses to cyber fraud, thereby protecting India's financial ecosystem and its most vulnerable citizens.

Watch Out for Cyber Scams Impersonating Police



The Ministry of Home Affairs (MHA) has raised an alarm regarding a spike in cybercrime, where fraudsters impersonate law enforcement officers to extort money from unsuspecting victims. Collaborating with Microsoft, the Indian Cyber Crime Coordination Centre (I4C) has already taken action against over 1,000 Skype IDs associated with such fraudulent activities.

In a recent statement, the MHA cautioned the public against a sophisticated online scam staged by international syndicates. These criminals, masquerading as police personnel or representatives of agencies like the Central Bureau of Investigation (CBI) and the Reserve Bank of India (RBI), target individuals with false accusations of involvement in illegal activities or accidents. Subsequently, they demand payment to avoid legal consequences or secure the release of reportedly detained family members.

The scheme typically begins with the fraudsters contacting victims and claiming that they have received, or are about to receive, a parcel containing illicit items such as drugs or fake passports. In some cases, they coerce victims into participating in simulated "digital arrests," forcing them to appear on video calls to lend an air of authenticity to the ruse. To bolster their credibility, these criminals operate from mock police stations and government offices, donning uniforms to deceive their targets.

Instances of individuals falling victim to these scams and losing significant sums of money have been reported across the country. The MHA emphasised that this form of organised cybercrime poses an unprecedented threat and is perpetrated by transnational criminal networks.

The I4C, established under the MHA's purview, serves as the focal point for combating cybercrime in India. Through its Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS), the I4C has intercepted and safeguarded over ₹600 crore from falling into the hands of online fraudsters. This online platform enables rapid reporting of financial cybercrimes, facilitating coordinated action among law enforcement agencies and financial institutions nationwide.

The MHA underscored its collaboration with various ministries, regulatory bodies like the RBI, and other stakeholders to counteract these fraudulent activities. Additionally, the I4C extends technical support and guidance to state and union territory police forces for identifying and investigating cybercrime cases.

To address this issue effectively, the I4C, in partnership with Microsoft, has initiated measures to block Skype IDs, SIM cards, mobile devices, and mule accounts used by cybercriminals. Furthermore, through its social media platform "Cyberdost," the I4C disseminates informational materials, including infographics and videos, to raise awareness and empower citizens to recognise and report cybercrimes promptly.

Given the seriousness of these scams, the MHA urges citizens to remain vigilant and promptly report any suspicious calls or online activities to the designated cyber crime helpline (1930) or the official website (www.cybercrime.gov.in) for assistance and intervention. By fostering a culture of awareness and careful reporting, individuals can play a critical role in safeguarding themselves and their communities against cyber threats.


Digital Arrest Scam: Bengaluru Man Loses Rs 3.8 Crore to Scammers


A 73-year-old man recently lost Rs 3.8 crore due to the 'digital arrest' threat posed by fraudsters impersonating law enforcement officers. The fraudsters held him under 'digital arrest' from May 5 to 10, saying that he was under Mumbai police monitoring because a parcel shipped in his name to Taiwan contained drugs.

The Setup

It all started on May 5 at 10 a.m., when Rajkumar (name changed), an Indiranagar resident and retired MNC executive, got a call from 8861447031. The caller claimed to be a 'FedEx' logistics executive and recited Rajkumar's Aadhaar and mobile numbers. 

He said that a package shipped to Taiwan under Shankar's name contained five passports, a laptop, 3kg of clothing, and 150 grams of MDMA. After claiming that a case had been filed against him at Mumbai's Andheri East cyber police station, he transferred the call to a "police officer".

The Deception

A man claiming to be Rajesh Pradhan, DCP (Cybercrime), Andheri, informed Shankar that he was under digital arrest until the inquiry was completed. They threatened to arrest him if he left his residence and instructed him to isolate himself in a room. Later, they made a video call to him; Shankar noticed a police station in the backdrop and assumed he was speaking with actual police officers.

Pradhan informed Rajkumar that this was a high-profile and sensitive matter involving VIPs. He was told not to mention the call to anybody and was threatened with arrest if he did not follow their instructions. 

The Money Transfer

The con artists added that they had discovered a bank account opened in his name that was being used for money laundering. They claimed to have examined the charges against him, which included money laundering, NDPS offences, and other criminal acts, before offering to assist him. 

To protect the account, he was ordered to move the full balance in his bank accounts to Reserve Bank of India (RBI) accounts.

The Aftermath

After promising to repay him after his transactions were verified, they convinced Shankar to send money to their accounts in several transactions. 

After transferring Rs 3.8 crore, Rajkumar was promised that the return would be in his account within 30 minutes of verification and the connection was discontinued. Rajkumar only realized he had been duped after the crooks went mute.

The digital arrest is fake: DCP

According to Kuldeep Kumar Jain, DCP (East), Shankar submitted a report on May 13, and they were able to freeze Rs 9 lakh within two days.

A case has been filed under the Information Technology Act and IPC section 420 (cheating and dishonestly inducing delivery of property).

According to Jain, such claims should not be taken seriously. There is no such thing as a digital arrest or an online (virtual) investigation by the police. If you receive such calls, simply disconnect and report them to your nearest police station or the 1930 cyber helpline. If you lose any money, contact the police right away; delays in filing complaints reduce the chances of recovery.

Cyber Attack Disrupts Christie's £670m Art Auctions

 

Auction house Christie's is grappling with significant disruptions in its attempt to sell art and high-value items worth an estimated $840 million (£670 million) due to a sophisticated cyberattack. This incident has significantly impacted their spring auctions, which feature an array of valuable items including a Vincent van Gogh painting valued at $35 million, and rare, collectible wines.

Potential buyers, who typically rely on Christie's comprehensive online catalog, are currently unable to view these items on the auction house’s website, which has been taken offline as a result of the cyberattack. This has created substantial inconvenience for bidders and collectors worldwide who depend on the site for detailed descriptions and images of the lots up for auction.

One of the notable events affected by the cyber incident is the auction of a collection of rare watches, including some previously owned by renowned Formula 1 star Michael Schumacher. This auction has now been postponed, adding to the growing list of complications caused by the cyber breach.

Christie's communicated with the BBC, confirming that they were dealing with what they termed a "technology security incident." Despite this setback, the auction house reassured its clientele that bids could still be placed via telephone and in person, ensuring that the core aspects of their operations remain functional.

In a formal statement, Christie's emphasized, "Christie’s has well-established protocols and practices to manage such incidents, which are regularly tested to ensure resilience." They also mentioned the creation of an alternative website designed to provide basic information about the items scheduled for sale, thereby maintaining some level of access for interested buyers.

The cyberattack's impact became evident last week, yet Christie's managed to conduct a charity auction for watches on Friday in Geneva. This auction, which had already been postponed from its original 2023 date, successfully raised 28 million Swiss Francs (£26.4 million) to support research into Duchenne muscular dystrophy. This successful event highlighted Christie's ability to adapt and continue its operations under challenging circumstances.

Looking ahead, Christie's New York auctions are set to commence on Tuesday, starting with the sale of works owned by esteemed art collector Rosa de la Cruz. This will be followed by auctions featuring collections that span the 20th and 21st centuries. Notably, the 20th-century art collection, valued at a staggering $500 million, includes masterpieces by iconic artists such as Pablo Picasso, Georgia O'Keeffe, and Andy Warhol.

While the primary website remains down, Christie's has ensured that their Christie's Live service will facilitate online bidding, allowing collectors to participate in the auctions despite the cyberattack. This resilience demonstrates the auction house's commitment to maintaining its operations and serving its clients, even in the face of significant technological challenges. 

The disruption caused by this cyberattack is a stark reminder of the vulnerabilities even prestigious institutions like Christie's face in the digital age. As the auction house works to resolve the issue and bolster its cybersecurity measures, it remains dedicated to ensuring the continuity of its services and the security of its clients' information.

64% of Indian Firms Hit by Ransomware in the Last Year: Sophos

 

A report by cybersecurity solutions vendor Sophos revealed that ransomware attacks against Indian organisations decreased to 64% this year from 73% recorded last year. As per the company's yearly 'State of Ransomware in India 2024' report, victims are facing more severe consequences, including higher ransom demands and recovery expenses in comparison to the previous year, despite a decrease in the number of impacted organisations. An independent study of 5,000 IT decision-makers in 14 countries, 500 of whom were in India, provided the basis for Sophos' survey. Responses based on the previous 12 months were requested from respondents, and experiences gathered between January and February of 2024 are reflected in the findings.

Indian firms paying ransom

For the first time, Indian organisations were found to be more likely to restore data by paying the ransom (65%) than by using backups (52%). The average ransom demand was $4.8 million, with 62% above $1 million, while the median ransom payment was $2 million. 

In attacks against Indian victims, around 44% of impacted devices were encrypted, with 34% of attacks also involving data theft. Excluding ransom payments, the average recovery cost was $1.35 million, and 61% of victims recovered data within a week, up from 59% in 2022. Furthermore, 96% reported the attack to authorities, and 70% received investigation support. 

Global trends 

According to the report's global statistics, just 24% of those who pay a ransom pay the originally demanded sum, while 44% pay less. The average ransom payment was 94 percent of the initial demand. In more than 80% of cases the ransom was funded from a variety of sources, with groups contributing 40% and insurance carriers covering 23%. 

Precaution tips 

The report emphasises the critical necessity for robust safety precautions and proactive defence plans to combat increasing ransomware threats. Sophos recommends the following strategies to improve cybersecurity: 

Understand the risk profile: Employ tools to evaluate an organisation's external attack surface. 

Implement endpoint protection: Use endpoint protection technologies to combat various ransomware strategies. 

Enhance defences with threat detection: Continually monitor, investigate, and respond to threats to strengthen security posture. 

Create an incident response strategy: Identify the actions to be performed in the case of a security breach and create and maintain an incident response strategy. Make sure you are ready for any eventuality by regularly backing up important data and practicing data recovery from backups through exercises.

LockBit Ransomware Group Challenges FBI: Opens Contest to Find Dmitry Yuryevich

 

LockBitSupp, the alleged administrator of the notorious LockBit ransomware group, has responded publicly to recent efforts by the Federal Bureau of Investigation (FBI) and international law enforcement to identify and apprehend him. 

Following the restoration of previously seized domains, law enforcement authorities identified Dmitry Yuryevich Khoroshev as the mastermind behind LockBit operations in a recent announcement. This revelation was accompanied by official sanctions from the U.S., U.K., and Australia, along with 26 criminal charges that collectively carry a maximum sentence of 185 years imprisonment. 

Furthermore, the U.S. Justice Department has offered a substantial $10 million reward for information leading to Khoroshev's capture. Despite these developments, LockBitSupp has vehemently denied the allegations, framing the situation as a peculiar contest on the group's remaining leak site. LockBitSupp has initiated a contest on their leak site, encouraging individuals to attempt contact with Dmitry Yuryevich Khoroshev. They assert that the FBI has misidentified the individual and that Khoroshev is not associated with LockBitSupp. 

The ransomware admin suggests that the alleged identification mistake may have arisen from cryptocurrency mixing with their own funds, attracting the attention of law enforcement. The contest invites participants to reach out to Khoroshev and report back on his well-being, with a reward of $1000 offered for evidence such as videos, photos, or screenshots confirming contact. Submissions are to be made through the encrypted messaging platform Tox, using a specific Tox ID provided by LockBitSupp.  

Additionally, LockBitSupp has shared multiple links to LockBit-associated file-sharing services on the dark web, presumably for individuals to archive details and submit as contest entries. They have also listed extensive personal details alleged to belong to Dmitry Khoroshev, including email addresses, a Bitcoin wallet address, passport, and tax identification numbers. Amidst the contest announcement, LockBitSupp expressed concern for the individual mistakenly identified as them, urging Khoroshev, if alive and aware, to make contact. 

This unusual move by LockBitSupp challenges the assertions made by law enforcement agencies and highlights the complex dynamics of the cyber underworld, where hackers openly taunt their pursuers. LockBitSupp emphasized that the contest will remain active as long as the announcement is visible on the blog. They hinted at the possibility of future contests with larger rewards, urging followers to stay updated for further developments. 

The announcement was uploaded and last updated on May 9, 2024, UTC, leaving the public and cybersecurity community anticipating further developments. Recent indictments have identified Khoroshev as the mastermind behind LockBit operations since September 2019. The LockBit group is alleged to have extorted over $500 million from victims in 120 countries, with Khoroshev reportedly receiving around $100 million from his involvement in the activities.

Unjammable Navigation System Successfully Tested in Airborne Trial

The UK government, which helped fund the research, said the test was the first of its kind to be publicly acknowledged and may pave the way for an unjammable backup to GPS. The new navigation system has been developed as an alternative to satellite-based GPS; it relies on quantum technology, which exploits the properties of matter at very small scales. 

Minister for science and technology Andrew Griffith said the test flights provided "further proof of the UK as a world leader in quantum computing". GPS has become a critical part of the military, aircraft, ships, and road vehicles, as well as smartphones, which use it to determine their position. However, satellite signals can be jammed, or spoofed so that the receiver is given misleading location data. 

In March, an RAF plane carrying UK Defence Secretary Grant Shapps suffered GPS interference while close to Russian territory. Earlier this year, the Finnish airline Finnair had to temporarily suspend daily flights to Tartu, the second-largest city in Estonia, after two of its aircraft suffered GPS interference. In recent years there have also been accusations of deliberate disruption of satellite navigation that has affected thousands of civilian flights. Many military technologies, such as drones and missiles, use GPS. 

GPS jamming can also be carried out at a small scale, for example by individual drivers who want to defeat the GPS trackers their employers have fitted to their vehicles. A GPS receiver picks up signals from satellites in space, and those signals arrive with far less power than a car's headlights emit, which makes them easy to jam. The new system instead relies on a group of atoms kept at -273C, about as cold as it is possible to get. Because these atoms are carried on the aircraft itself, they cannot be interfered with by spoofing or jamming. 

These atoms are used to measure the direction in which the plane is pointing and its acceleration; combined, these measurements allow the plane's position to be determined accurately. Because atoms behave according to the rules of physics at very small scales, they are known as quantum systems. Working at that scale is extremely difficult even on the ground: atoms are so small that something the width of a human hair is about a million atoms across. 

The flight demonstrated that these atoms could be used in the confined and demanding environment of an aircraft. According to the government, this is the first flight in the UK using this type of technology, and the first anywhere in the world to be publicly acknowledged. 

Aerospace companies BAE Systems and QinetiQ worked with quantum technology firm Infleqtion to conduct the trials earlier this month. While quantum technology operates at a very small scale, the equipment itself is currently quite large. For that reason, Henry White, one of the members of the BAE Systems team that worked on the project, believes the first application of the new technology could be aboard ships, "where there is a little bit more space", as he put it. Nevertheless, he told the BBC that he was confident the system would shrink to the size of a shoebox, and be a thousand times more accurate than any comparable system, within five to ten years. 

Attacks on satellite navigation systems have also been regarded as a threat to shipping safety. According to Mr White, the system is primarily intended as a backup for GPS, but he sees it as more than that. GPS satellite signals also provide extremely accurate timekeeping, so a quantum clock was taken on board the test flight to see whether it could serve as a backup if GPS were blocked. 

Mr White pointed out that the best quantum clocks are extremely accurate and have been tested in the lab. He regards the recent test as a significant milestone in the development of unjammable navigation technology. 

However, he acknowledges that it will take a considerable amount of time before this technology can be actively deployed. Similarly, Ken Munro, representing Pen Test Partners, a cybersecurity firm specializing in aviation, described the test as a substantial step forward. Nevertheless, he cautioned that it would likely be 10 to 20 years before this technology sees practical implementation in commercial aviation within the United Kingdom.

Hackers Tracking Victims with DNS Tricks

Cybercriminals have adopted a highly intricate technique known as DNS tunnelling to carry out malicious activities such as tracking victims and scanning network vulnerabilities, posing a significant threat to cybersecurity. DNS tunnelling involves the encoding of data or commands within DNS queries, effectively transforming DNS into a covert communication channel, which can be challenging for traditional security measures to detect.

Hackers use various encoding methods, such as Base16 or Base64, to conceal their data within DNS records, including TXT, MX, CNAME, and A (address) records. This covert communication method allows them to bypass network firewalls and filters and is used for command and control operations and VPN-like traffic, improving their ability to evade detection by security tools.

Palo Alto Networks' Unit 42 security research team has recently exposed two distinct campaigns that exploit DNS tunnelling for malicious purposes. The first campaign, dubbed "TrkCdn," focuses on tracking victim interactions with phishing emails, enabling attackers to evaluate their strategies and confirm the delivery of malicious payloads. A similar campaign named "SpamTracker" uses DNS tunnelling to track the delivery of spam messages, highlighting the versatility of this technique in cybercriminal operations.

The second campaign, identified as "SecShow," employs DNS tunnelling for network scanning. Attackers embed IP addresses and timestamps into DNS queries to map out network layouts and identify configuration flaws that could be exploited for infiltration, data theft, or denial-of-service attacks. This demonstrates the evolving tactics of cybercriminals in exploiting DNS tunnelling for a wide range of fraudulent activities. 

DNS tunnelling provides threat actors with several advantages, including bypassing security tools, avoiding detection, and maintaining operational flexibility, making it a preferred method for carrying out cyber-attacks. To counter this growing threat, organisations are advised to implement DNS monitoring and analysis tools that detect unusual traffic patterns and anomalies promptly. Additionally, limiting DNS resolvers to handle only necessary queries can reduce the risk of DNS tunnelling misuse and enhance overall cybersecurity defences.
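The monitoring advice above can be made concrete with a few heuristics applied to resolver query logs. The script below is an added example written for this page, not code from Unit 42 or from the campaigns it describes: it scores each query name for the signs the article lists (long names and labels, high character entropy, hex- or Base64-looking labels) and, separately, counts how many distinct subdomains each registered domain receives, since tunnelled data looks like many unique names under one parent. The log lines are constructed, the log format (client, query type, name) is an assumption, and the "last two labels are the registered domain" rule is a simplification that production code would replace with a public-suffix list.

```python
import math
import re
from collections import defaultdict

# Constructed sample DNS query log (not real traffic). Format per line:
# "<client_ip> <qtype> <qname>". The *.trk.example.net names imitate the
# hex- and base64-encoded subdomains used by tracking-style tunnelling.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA mail.example.com
10.0.0.7 TXT 4a6f686e2d446f652d6f70656e65642d6d61696c.trk.example.net
10.0.0.7 TXT 4a616e652d526f652d636c69636b65642d6c696e6b.trk.example.net
10.0.0.7 TXT 1715228100-10-0-0-7-scan.trk.example.net
10.0.0.9 A cdn.example.org
10.0.0.7 TXT aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.trk.example.net
"""

HEX_LABEL = re.compile(r"^[0-9a-fA-F]{16,}$")
B64_CHARS = re.compile(r"^[A-Za-z0-9+/=_-]{20,}$")


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; encoded payloads score higher than hostnames."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain, registered_domain). Assumption: the last two labels
    form the registered domain; real code would consult the public-suffix list."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:]).lower()


def looks_encoded(label: str) -> bool:
    """Hex of 16+ chars, or base64-like text mixing upper, lower and digits."""
    if HEX_LABEL.match(label):
        return True
    if B64_CHARS.match(label):
        return (any(c.isupper() for c in label) and any(c.islower() for c in label)
                and any(c.isdigit() for c in label))
    return False


def query_reasons(qname: str):
    """Per-query heuristics for tunnelled data; returns the list of triggered checks."""
    sub, _ = split_name(qname)
    labels = [lbl for lbl in sub.split(".") if lbl]
    reasons = []
    if len(qname) > 50:
        reasons.append("long_name")
    if any(len(lbl) > 30 for lbl in labels):
        reasons.append("long_label")
    if shannon_entropy(sub) > 3.5:
        reasons.append("high_entropy")
    if any(looks_encoded(lbl) for lbl in labels):
        reasons.append("encoded_label")
    return reasons


def analyse(log_text: str, min_unique_subdomains: int = 3):
    """Return (flagged, suspicious_domains): flagged maps qname -> reasons, and
    suspicious_domains lists registered domains that received many distinct
    subdomains, the volume signal that single-query checks miss."""
    flagged = {}
    subs_per_domain = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _client, _qtype, qname = parts
        sub, domain = split_name(qname)
        subs_per_domain[domain].add(sub)
        reasons = query_reasons(qname)
        if reasons:
            flagged[qname] = reasons
    suspicious = sorted(d for d, subs in subs_per_domain.items()
                        if len(subs) >= min_unique_subdomains)
    return flagged, suspicious


if __name__ == "__main__":
    flagged, suspicious = analyse(SAMPLE_LOG)
    for name, why in flagged.items():
        print(f"{name}: {', '.join(why)}")
    print("domains with many distinct subdomains:", suspicious)
```

Thresholds such as 50 characters, 30-character labels and 3.5 bits of entropy are starting points to be tuned against a baseline of the organisation's own traffic; CDN and anti-spam lookups legitimately produce long, random-looking names, so the per-domain unique-subdomain count is usually the more reliable trigger for an analyst to investigate.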

The discovery of hackers exploiting DNS tunnelling underscores the importance of remaining vigilant against the pervasive nature of cyber threats and implementing robust cybersecurity measures to protect against potential attacks. By understanding the risks posed by DNS tunnelling and taking the required steps to mitigate them, organisations can effectively safeguard their networks and data.


Mortgage Lender Hacked, Customer Credit Card Details Leaked on Dark Web

The non-bank mortgage lender Firstmac has been hit by a cyberattack, resulting in the theft and publication of customer details such as credit card numbers, passport numbers, Medicare numbers, and driver’s licence details on the dark web.

Firstmac, a major non-bank lender based in Brisbane, informed its customers via a letter that an unauthorized party had breached its IT systems. The company stated, “Our ongoing investigation has found evidence that some personal information of our customers has been accessed.”

Firstmac assured affected individuals that they were being notified directly and advised on steps to protect themselves from scams or phishing attempts, in accordance with regulatory requirements. The firm also mentioned that relevant authorities had been informed and were being kept updated on the investigation’s progress.

The technology publication Cyberdaily reported that the hackers responsible for the attack had posted a significant amount of data on the dark web. The ransomware group EMBARGO claimed responsibility for the hack, which occurred in April, and had set a ransom deadline of May 8. Cyberdaily provided screenshots from EMBARGO’s website showing customer addresses, financial details, and email addresses, as well as the contact details of several Firstmac executives and IT team members.

The extent of the breach in terms of affected customers and employees remains unclear. Firstmac was contacted for additional comments on the situation.

Firstmac announced that it had enlisted IDCARE, Australia’s national identity and cyber support service, to assist customers. IDCARE’s services are available at no cost to affected individuals, with expert Case Managers ready to address concerns about the potential misuse of personal information.

The company emphasized that its systems were functioning normally, operations were unaffected, and customer funds were secure. They stated there was no evidence of any impact on customer accounts.

This incident is part of a growing trend of cyberattacks on high-profile Australian organizations. According to the Australian Signals Directorate, over 127,000 hacks against Australian servers were recorded in the 2022-23 financial year, marking a 300% increase from the previous year.

Last year, a data breach at Melbourne travel agency Inspiring Vacations exposed about 112,000 records, totaling 26.8 gigabytes of data, due to a non-password protected database. This breach adds to a list of incidents affecting companies such as Optus, HWL Ebsworth, Latitude Financial, Medibank, DP World, and Dymocks, reflecting a “new normal” of frequent attacks and data leaks.

The Optus breach, in particular, led to new legislation imposing stricter penalties for serious or repeated customer data breaches. Companies failing to protect data now face fines exceeding $50 million.

Attorney-General Mark Dreyfus emphasized the need for robust data protection, stating, “When Australians are asked to hand over their personal data they have a right to expect it will be protected,” and noted that recent significant breaches demonstrated the inadequacy of existing safeguards.

Australia recently abandoned plans to ban ransomware payments, instead opting for mandatory reporting obligations. Research by IT firm Cohesity found that 92% of Australian IT executives would pay a ransom to recover data and restore business processes, with a significant number willing to pay over $US3 million, and some over $US5 million.

Cybersecurity Minister Clare O’Neil highlighted the issues with paying ransoms, stating, “Every time a ransom is paid, we are feeding the cybercrime problem,” and stressed the need for more foundational work before considering a ban on ransom payments.

Australia's Premier Non-Bank Lender Suffers Data Security Breach

One of Australia's largest non-bank mortgage lenders, Firstmac, has suffered a cyberattack in which customer information such as credit card and passport numbers, Medicare numbers and driver's licence numbers was stolen and published on the dark web. In a letter to its customers, the Brisbane-based lender said that one of its information technology systems had been breached by an unauthorised third party. 

According to the non-bank lender, hackers took possession of nearly ten thousand driver's licences and two hundred and fifty thousand "customer records" over the course of a few days. The company notified the Australian Stock Exchange of the incident and, as a result of the unusual activity detected on its systems "in the last few days," suspended trading until Monday. The hackers were described as very sophisticated.

There is no indication of how the hackers gained access to Latitude information held at two separate service providers using employee login credentials, or whether those credentials were stolen or obtained through a credential stuffing attack. A consortium of investors, including KKR and Deutsche Bank, acquired Latitude from GE in 2015 to sell its credit cards and instalment payment plans to retailers. The company went public in 2021. 

Firstmac Limited, one of the largest firms in the country, has informed its customers that it has suffered a data breach, a day after the new Embargo cyber-extortion group claimed to have stolen 500GB of data from the company. In Australia's financial services industry, Firstmac is primarily known for the mortgage lending, investment management, and securitisation services it provides to its clients. 

Based in Brisbane, Queensland, the company employs 460 people and has issued 100,000 home loans. At the moment, the firm manages around $15 billion in mortgage loans. Troy Hunt, the creator of Have I Been Pwned, published on X yesterday a sample of the notice letter sent to Firstmac's customers informing them of a major data breach. 

Cyberdaily, the technology industry publication, reported that a large amount of data was posted on the dark web by the hackers behind the attack. According to the publication, EMBARGO, a ransomware gang with roots in the Netherlands, is credited with the hack, which was carried out sometime in April. The report notes that the gang gave Firstmac a ransom deadline of May 8, a deadline that appears to have passed. 

Cyberdaily posted screenshots of EMBARGO's dark web site showing customer information such as loan and financial details and email addresses. The contact details of several Firstmac executives and IT staff were also published by the gang. It is unclear how many customers and employees have been affected by the breach. 

Firstmac has been contacted for further information. The firm assured its customers that their funds and accounts are safe and that its security systems have been bolstered in recent months to ensure this. Among the new measures, anyone wanting to change an account or add a card to an account must now verify their identity with a two-factor authentication code or biometric information.

IDCare is offering free identity theft protection services for recipients of the notices. Customers are advised to be cautious when responding to unsolicited correspondence and to check their account statements regularly for any unusual activity or transactions. The newly formed threat group's extortion page lists only two victims so far, and it is unclear whether the group carries out its own data breaches or buys stolen data from others in order to blackmail the owners. 

A sample of an Embargo encryptor has still not been found, so it is unknown whether this is a ransomware group or one that simply profits by extortion. According to the Australian Signals Directorate, the federal agency responsible for signals intelligence and information security, a large number of hacks against Australian servers were recorded in the 2022-23 financial year, an increase of more than 300 per cent compared to the previous financial year. 

A data breach discovered late last year at Melbourne travel agency Inspiring Vacations exposed approximately 112,000 records, totalling 26.8 gigabytes of data, online as a result of a database that was not password protected. Together with the breaches at Optus, HWL Ebsworth, Latitude Financial, Medibank, DP World, and Dymocks, which affected millions of Australians, this has been labelled a "new normal" of constant attacks and data leaks. 

Penalties for serious or repeated breaches of customer data have since been increased significantly, largely prompted by the Optus breach. Because the Embargo extortion group announced the attack on its site, the attack on Firstmac at the end of April received extensive coverage from Australian media outlets. Earlier this week, one day after claiming the data had been stolen, Embargo published all of the data it claimed to have taken from Firstmac's systems, including documents, source code, email addresses, phone numbers, and database backups.

Apple Warns Windows Users: Critical Security Vulnerability in iTunes

Apple confirms the finding of a critical security flaw in the iTunes program for Windows 10 and Windows 11 users, which could have allowed malicious attackers to execute code remotely at will.

Willy R. Vasquez, a security researcher at the University of Texas in Austin, uncovered the vulnerability, known as CVE-2024-27793. This vulnerability affects the CoreMedia framework, which processes media samples and manages media data queues in iTunes.

A major security flaw in the iTunes app for Windows 10 and Windows 11 users could have allowed malicious attackers to execute code remotely, Apple said in a support article published on May 8.

About CVE-2024-27793

Willy R. Vasquez, a Ph.D. student and security researcher at The University of Texas at Austin, discovered CVE-2024-27793; he has also contributed sandboxing code to the Firefox 117 web browser. The vulnerability, rated critical under the Common Vulnerability Scoring System v3, affects the CoreMedia framework, which, according to Apple, provides the media pipeline used to process media samples and manage queues of media data.

The flaw allows an attacker to execute arbitrary code by supplying a maliciously crafted file that CoreMedia then processes. It is important to highlight that the attacker does not need physical access to the Windows PC, as the exploitation can be carried out remotely. 

The vulnerability explained

The CVSS v3 critical score of 9.1 out of 10 is mostly due to the potential for remote code execution. The root cause of the flaw was inadequate checks within the CoreMedia framework component, which Apple fixed with improved checks in the most recent release.

According to the Vulnerability Database entry, CVE-2024-27793 can be exploited remotely without authentication, although successful exploitation requires user interaction. This interaction could be as simple as clicking a link or visiting a website that causes CoreMedia to process the malicious file.

The ease of exploitation and potential impact of arbitrary code execution emphasize the seriousness of this issue. Users should upgrade their iTunes programs to the most recent version to protect themselves from any attacks exploiting this security weakness.

Protecting Your System

Here are some steps you can take to safeguard your system:

  • Update iTunes: Ensure that you’re running the latest version of iTunes. Apple’s security patches are typically included in software updates, so staying up-to-date is essential.
  • Be Cautious: Avoid clicking on suspicious links or visiting untrusted websites. Malicious actors often use social engineering tactics to trick users into interacting with harmful content.
  • Regular Backups: Regularly back up your data to an external drive or cloud storage. In case of a security breach, having backups ensures that you won’t lose critical files.
  • Use Antivirus Software: Install reputable antivirus software and keep it updated. Antivirus tools can detect and block known threats, providing an additional layer of defense.

Here's Why Tokens Are Like Treasure for Opportunistic Attackers

Authentication tokens are not tangible tokens, of course. However, if these digital IDs are not routinely expired or restricted to a single device, they may be worth millions of dollars in the hands of threat actors.

Authentication tokens (commonly called "session tokens") play a vital role in cybersecurity. They encapsulate login authorisation data, allowing for app validation and safe, authenticated logins to networks, SaaS applications, cloud computing, and identity provider (IdP) systems, as well as single sign-on (SSO) that enables ubiquitous corporate system access. This means that anyone holding a token has a golden key to company systems without having to complete a multifactor authentication (MFA) challenge. 

Drawbacks of employee convenience

The lifetime of a token is frequently used to strike a balance between security and employee convenience, allowing users to authenticate once and maintain persistent access to applications for a set period of time. Attackers are increasingly obtaining these tokens through adversary-in-the-middle (AitM) attacks, in which the attacker sits between the user and legitimate applications to steal credentials or tokens, and through pass-the-cookie attacks, which steal session cookies stored in browsers. 

Personal devices also hold browser caches and session cookies, but they are not subject to the same level of security as corporate systems, so threat actors can more easily capture tokens from inadequately secured personal devices. Nevertheless, personal devices are frequently granted access to corporate SaaS apps, posing a risk to corporate networks. 

Once a threat actor secures a token, they get access to the user's rights and authorizations. If they have an IdP token, they can use the SSO features of all business applications that are integrated with the IdP without the need for an MFA challenge. If it is an admin-level credential with accompanying privileges, they have the ability to destroy systems, data, and backups. The longer the token remains active, the more they can access, steal, and damage. Furthermore, they can create new accounts that do not require the token for persisted network access. 

While frequent expiration of session tokens will not prevent these types of attacks, it will significantly reduce the risk footprint by limiting the window in which a stolen token works. Unfortunately, we often notice that tokens are not being expired at regular intervals, and some breach reports indicate that default token expirations are being purposely extended. 
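The three controls the article keeps returning to, a short lifetime, binding the token to one device ("pinning"), and the ability to invalidate sessions after a breach, can all be checked server-side on every request. The code below is an added illustration written for this page, not code from any IdP or vendor mentioned in it: tokens are HMAC-SHA256 signed JSON claims carrying an issue time, an expiry and a fingerprint of the device that obtained them, and validation rejects anything expired, presented from a different device, or issued before the subject's sessions were revoked. The secret, the eight-hour lifetime and the device attributes are constructed assumptions; a real deployment would take the device identity from something the client cannot simply copy, such as a client certificate or a platform attestation.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for the example only: a real service loads this from a secret store.
SERVER_SECRET = b"example-only-secret-do-not-use"
# Assumption: eight hours, rather than the 30-60 days the article describes.
DEFAULT_TTL_SECONDS = 8 * 3600

# subject -> time of the last "revoke everything" order for that subject.
# Tokens issued at or before that moment are refused even if unexpired.
revoked_before = {}


def _b64url(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def _unb64url(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def device_fingerprint(device_attrs: dict) -> str:
    """Hash of stable client attributes the server observes (constructed
    example: a client-certificate thumbprint and a managed-browser identifier)."""
    canonical = json.dumps(device_attrs, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def issue_token(subject: str, device_attrs: dict, now=None,
                ttl: int = DEFAULT_TTL_SECONDS) -> str:
    """Mint a signed token pinned to the issuing device and expiring after ttl."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "iat": now, "exp": now + ttl,
              "dev": device_fingerprint(device_attrs)}
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = _b64url(hmac.new(SERVER_SECRET, body, hashlib.sha256).digest())
    return (body + b"." + sig).decode()


def revoke_all_sessions(subject: str, now=None) -> None:
    """What an IdP should do on breach notification: kill every live session."""
    now = int(time.time()) if now is None else now
    revoked_before[subject] = now


def validate_token(token: str, device_attrs: dict, now=None):
    """Return (ok, reason, claims). Signature is checked before anything else so
    that an attacker cannot influence the later checks with forged claims."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return False, "malformed", None
    expected = _b64url(hmac.new(SERVER_SECRET, body, hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return False, "bad_signature", None
    claims = json.loads(_unb64url(body))
    if claims["iat"] <= revoked_before.get(claims["sub"], -1):
        return False, "revoked", claims
    if now >= claims["exp"]:
        return False, "expired", claims
    if not hmac.compare_digest(claims["dev"], device_fingerprint(device_attrs)):
        return False, "device_mismatch", claims
    return True, "ok", claims


if __name__ == "__main__":
    laptop = {"client_cert": "AA:BB:CC", "browser_id": "corp-browser-01"}  # constructed
    token = issue_token("alice", laptop)
    print(validate_token(token, laptop))
    print(validate_token(token, {"client_cert": "??", "browser_id": "other"}))
```

The device-mismatch branch is the pass-the-cookie defence: a token copied out of a browser profile still carries a valid signature and has not expired, yet it fails because the presenting device does not match the fingerprint it was minted with. The revocation cut-off is what Cloudflare's experience with the Okta breach calls for; rotating the signing secret would achieve the same for every subject at once.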

Token attacks in the spotlight 

Last year, multiple breaches involving stolen authentication tokens made headlines. Two incidents involved compromised IdP tokens. According to Okta, threat actors were in its systems from September 28 to October 17 as a result of a compromised personal Gmail account. A password saved in the Gmail account had been synchronised through the Chrome browser, granting access to a service account, most likely without MFA enforcement. 

Once inside the service account, threat actors were able to obtain additional customer session tokens from ServiceNow's HAR files. The hack ultimately impacted all Okta customer support users. 

Notably, on November 23, 2023, Cloudflare discovered a threat actor attacking its systems via session tokens obtained from the Okta hack. This suggests that these session tokens did not expire 30 to 60 days after the Okta breach – not as a usual course of business, and not in response to the breach.

In September 2023, Microsoft also announced that threat actors had obtained a consumer signing key from a Windows crash dump. They then used it to attack Exchange and Active Directory accounts by exploiting an undisclosed flaw that allowed business systems to accept session tokens signed with the consumer signing key. This resulted in the theft of 60,000 US State Department emails. The hack may not have had the same impact if tokens had been more aggressively expired (or pinned).

Critical Infrastructure and the Importance of Safeguarding it in the Digital Age

In today's digital age, our society relies heavily on critical infrastructure to function smoothly. These infrastructures, including power grids, water systems, and communication networks, form the backbone of our daily lives, facilitating everything from electricity distribution to internet connectivity. 

However, with the increasing interconnectedness brought about by technology, these vital systems have become prime targets for cyberattacks. Cyberattacks on critical infrastructure have surged by 35% globally in the past year alone, according to a 2023 report by the World Economic Forum. These attacks pose significant risks, potentially resulting in city-wide blackouts, disruptions in healthcare services, and compromised communication networks. 

The consequences of such breaches can be devastating, not only impacting economic stability but also endangering public safety. Despite these challenges, there is hope on the horizon as governments, businesses, and security experts recognize the urgent need to address cybersecurity vulnerabilities in critical infrastructure. Traditional approaches to cybersecurity, characterized by perimeter defenses and technological fortifications, are proving inadequate in the face of evolving threats. 

Instead, a paradigm shift is underway towards viewing critical infrastructure as a living ecosystem, where every individual plays a vital role in safeguarding the whole. This holistic approach emphasizes the importance of human vigilance alongside technological solutions. While advanced technologies like artificial intelligence and threat intelligence platforms are valuable tools in detecting and mitigating cyber threats, they must be complemented by robust employee training and a culture of security awareness. 

Every employee, from top executives to frontline staff, must be equipped with the knowledge and skills to identify and respond to potential threats effectively. Furthermore, securing critical infrastructure requires a commitment to continuous improvement. Organizations must regularly conduct risk assessments, update protocols, and actively test their defenses to stay ahead of evolving threats. 

This agility and flexibility are essential in adapting security strategies to address emerging vulnerabilities and technological advancements. Malicious actors often exploit human error and social engineering tactics to bypass technological defenses. Therefore, educating and empowering employees to recognize and report suspicious activity is paramount in strengthening overall cybersecurity posture. 

Moreover, collaboration between public and private sectors, as well as international cooperation, is essential in building a comprehensive and resilient defense network. By sharing intelligence, best practices, and resources, stakeholders can effectively combat cyber threats and mitigate their impact on critical infrastructure. 

Securing critical infrastructure in the digital age is not merely a technical challenge but a multifaceted endeavor that requires a united and concerted effort. By embracing a human-centric approach, leveraging advanced technologies, and fostering collaboration, we can create a future where our essential systems operate securely, safeguarding the well-being and prosperity of society.

Can Legal Measures Slow Down Cybercrimes?

Cybercrime has emerged as a serious threat in India, prompting calls for comprehensive reforms and collaborative efforts from various stakeholders. Experts and officials emphasise the pressing need to address the evolving nature of cyber threats and strengthen the country's legal and regulatory framework to combat this menace effectively.

Former IPS officer and cybersecurity expert Prof Triveni Singh identified the necessity for fundamental changes in India's legal infrastructure to align with the pervasive nature of cybercrime. He advocates for the establishment of a national-level cybercrime investigation bureau, augmented training for law enforcement personnel, and the integration of cyber forensic facilities at police stations across the country.

A critical challenge in combating cybercrime lies in the outdated procedures for reporting and investigating such offences. Currently, victims often encounter obstacles when filing complaints, particularly if they reside outside India. Moreover, the decentralised nature of law enforcement across states complicates multi-jurisdictional investigations, leading to inefficiencies and resource depletion.

To streamline the process, experts propose the implementation of an independent online court system to expedite judicial proceedings for cybercrime cases, thereby eliminating the need for physical hearings. Additionally, fostering enhanced cooperation between police forces of different states and countries is deemed essential to effectively tackle cross-border cybercrimes.

Acknowledging the imperative for centralised coordination, proposals for the establishment of a national cybercrime investigation agency have been put forward. Such an agency would serve as a central hub, providing support to state police forces and facilitating collaboration in complex cybercrime cases involving multiple jurisdictions.

Regulatory bodies, notably the Reserve Bank of India (RBI), also play a crucial role in combatting financial cybercrimes. Experts urge the RBI to strengthen oversight of banks and enhance Know Your Customer (KYC) norms to prevent the misuse of accounts by cyber criminals. Banks should also use technologies such as Artificial Intelligence (AI) to detect anomalous transaction patterns and consolidate efforts to identify and thwart cybercrime activities.

There is a growing consensus on the necessity for a comprehensive national cybersecurity strategy and legislation in India. Such initiatives would furnish a robust framework for addressing the omnipresent nature of this threat and safeguarding the country's cyber sovereignty.

The bottom line is that putting a stop to cybercrime demands a concerted effort involving lawmakers, regulators, law enforcement agencies, financial institutions, and internet service providers. By enacting comprehensive reforms and fostering greater cooperation, India can strengthen its cyber resilience and ensure a safer online environment for all.



The Race Against Time: How Long Does It Take to Crack Your Password in 2024?

In the ever-evolving landscape of cybersecurity, the battle between hackers and defenders rages on. One of the fundamental elements of this battle is the strength of passwords. As technology advances, so too do the methods and tools available to hackers to crack passwords. 

In 2024, the time it takes to crack a password depends on various factors, including its length, complexity, and the resources available to the hacker. Gone are the days when a simple six-character password could provide adequate protection. With the increasing computational power of modern machines and the prevalence of sophisticated hacking techniques, such passwords can be cracked in mere seconds. In 2024, the gold standard for password security lies in lengthy, complex combinations of letters, numbers, and symbols. 

So, how long does it take for a hacker to crack a password in 2024? The answer is not straightforward. It depends on the strength of the password and the methods employed by the hacker. For instance, a short, simple password consisting of only lowercase letters can be cracked almost instantly using a brute-force attack, where the hacker systematically tries every possible combination until the correct one is found.  

However, longer and more complex passwords present a significantly greater challenge. In 2024, state-of-the-art hacking tools utilize advanced algorithms and techniques such as dictionary attacks, where common words and phrases are systematically tested, and rainbow tables, which are precomputed tables used to crack password hashes. These methods can significantly reduce the time it takes to crack a password, but they are still thwarted by sufficiently strong passwords. 

The concept of password entropy plays a crucial role in determining its strength against cracking attempts. Password entropy measures the randomness or unpredictability of a password. A password with high entropy is more resistant to cracking because it is less susceptible to brute-force and dictionary attacks. In 2024, experts recommend using passwords with high entropy, achieved through a combination of length, complexity, and randomness. 

To put things into perspective, let's consider an example. A randomly generated 12-character password consisting of uppercase and lowercase letters, numbers, and symbols has an extremely high entropy. Even with the most advanced cracking techniques available in 2024, it could take billions or even trillions of years to crack such a password using brute-force methods. 
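As an added example that is not part of the original post, the script below works through the arithmetic behind the paragraphs above: it computes the entropy of a password drawn uniformly from a given set of character classes and the worst-case time to exhaust the keyspace. The two guess rates and the sample passwords are constructed assumptions, chosen to contrast a fast unsalted hash with a deliberately slow password hash; the resulting years are only as good as those assumptions.

```python
import math
import string

# Character classes a password policy can require (the page's letters, numbers and symbols).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digits": string.digits,           # 10
    "symbols": string.punctuation,     # 32
}

# Constructed, assumed attacker throughput (illustrative, not measured): fast unsalted hash vs. bcrypt-like.
ASSUMED_RATES = {
    "fast hash (assumed 1e11 guesses/s)": 1e11,
    "slow hash (assumed 1e4 guesses/s)": 1e4,
}

def charset_size(password: str) -> int:
    """Alphabet size implied by the character classes the password draws from."""
    size = sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in password))
    if size == 0:
        raise ValueError("password uses no characters from the known classes")
    return size

def entropy_bits(length: int, alphabet: int) -> float:
    """Entropy of a password chosen uniformly at random: log2(alphabet ** length)."""
    return length * math.log2(alphabet)

def brute_force_seconds(length: int, alphabet: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace, i.e. to try every combination once."""
    return alphabet ** length / guesses_per_second

def human_duration(seconds: float) -> str:
    """Render a duration in its largest natural unit (scientific notation past a million)."""
    for name, size in (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            value = seconds / size
            return f"{value:.3g} {name}" if value >= 1e6 else f"{value:,.1f} {name}"
    return f"{seconds:.3g} seconds"

def crack_time_report(password: str) -> dict:
    """Entropy plus exhaustive-search time per assumed rate. Caveat: this rates the password
    as if it were random; a dictionary word using the same classes is far weaker in practice."""
    alphabet, length = charset_size(password), len(password)
    report = {"entropy_bits": entropy_bits(length, alphabet)}
    for label, rate in ASSUMED_RATES.items():
        report[label] = brute_force_seconds(length, alphabet, rate)
    return report

if __name__ == "__main__":
    for pw in ("abcdef", "kQ7#vP2m!zX9"):  # constructed sample passwords
        print(pw, {k: round(v, 1) if k == "entropy_bits" else human_duration(v) for k, v in crack_time_report(pw).items()})
```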

However, the human factor remains a significant vulnerability in password security. Despite the availability of password managers and education on password best practices, many people still choose weak passwords or reuse them across multiple accounts. This behavior provides hackers with ample opportunities to exploit security vulnerabilities and gain unauthorized access to sensitive information. 

The time it takes for a hacker to crack a password in 2024 varies depending on factors such as password strength, hacking techniques, and computational resources. While advances in technology have empowered hackers with increasingly sophisticated tools, the key to effective password security lies in employing strong, unique passwords with high entropy. By staying vigilant and adopting best practices, individuals and organizations can fortify their defenses against malicious cyber threats in the digital age.

Student Hijacking: Cyberattack Exposes 8,000 Students’ Data in Hong Kong


The personal information of over 8,000 students at a private Hong Kong college has been taken and purportedly placed on the dark web, the latest in a string of cyberattacks in the city that have prompted calls for greater security.

The breach

The Hong Kong College of Technology, which offers a government-subsidized Higher Diploma in Cybersecurity, announced last week that it was the victim of a ransomware attack by hackers in late February, during which several internal papers were taken and encrypted.

This was not an ordinary cyber attack; it was highly targeted and distinctive. HKCT strongly opposes all forms of cybercrime and sincerely apologizes for the inconvenience and disruption caused by this incident, the college said in a statement issued in Chinese.

Impact on students

It stated that victims would receive a free six-month "credit monitoring service" and "dark web monitoring service," but declined to say how many students or staff were affected. According to media sources, the information first appeared on the dark web this week.

The Privacy Commissioner for Personal Data informed HKFP that the data breach affected around 8,100 students, whose personal information, including names, identity card numbers, addresses, email addresses, and phone numbers, was disclosed.

The commissioner stated that it was investigating the infraction. It encouraged all victims to change their passwords for online accounts, enable two-factor authentication, and be wary of any unusual phone calls or links sent to their email or phones.

Ransomware attacks on local organizations

Cyberattacks on local organizations have increased, with victims including the technology park Cyberport and the private Union Hospital.

In April, the hospital's computer system was infected with LockBit ransomware, which caused partial operational paralysis, according to local media reports.

Last year, a hacker gained access to Cyberport's network and maliciously encrypted server files. The hackers demanded a ransom of $300,000. Cyberport did not pay, and 400GB of stolen data was eventually leaked on the dark web, according to TVB.

The Consumer Council's computer system was hacked in September of last year, resulting in a data breach that included information on 289 people who had filed complaints with the council, as well as some current and former staff.

After the Union Hospital hacking, Francis Fong, honorary president of the Hong Kong Information Technology Federation, said that victims should not pay ransoms, since hackers may still make stolen material public regardless of payment.

Fong advised all public and commercial institutions to upgrade their computer systems regularly to address vulnerabilities and improve security.

Privacy Commissioner’s Advice

  • Review Security Settings: Organizations should review their communication platforms’ security settings. Strengthen authentication mechanisms and limit access to authorized personnel.
  • Report Incidents Promptly: Organizations must promptly report data breaches to the PCPD. Transparency is crucial in maintaining public trust.
  • Collaborate with Law Enforcement: Work closely with law enforcement agencies to track down the perpetrators and prevent further attacks.